The recent WannaCry attacks impacted more than 200,000 computer systems across 150 countries. The attacks were flawed but were crippling enough to halt the operations of major organizations for a few days.
They also shed some much-needed light on how major companies like Microsoft (most of the systems hacked were Microsoft systems) leave outdated programs unsupported and vulnerable.
The Problem With Outdated
System updates and patches are released by software companies for a reason. Those updates fix major security holes in programs. Left unpatched, those holes leave the door wide open for hackers. But sometimes those patches don’t exist. This is the case with outdated systems that are no longer supported by software companies.
Hospitals were largely targeted during the WannaCry attacks - mainly because hospitals do not have updated systems.
Add to that the fact that companies no longer support those outdated systems, and you have a playground for hackers. Because the WannaCry attacks were so widespread, Microsoft has decided to provide organizations running outdated versions of its programs with needed fixes.
The Drop and Go Problem
Software companies are in the business of making money. When a system drains too many of that company’s resources, that company often drops support for the system and moves on. It is rare - really rare - that a company like Microsoft provides a software fix for an outdated system. But, in this case, Microsoft did not have a choice.
Microsoft has released updates to Windows XP in addition to other programs. XP is the system that hackers targeted most during the WannaCry attacks. While it might seem like too little too late, Microsoft has told the press that the company wants to prevent future attacks.
Changing the software that a massive organization like a hospital uses would be costly - and Microsoft doesn’t want to lose that business.
Other Companies to Follow Suit
Analysts expect other companies to follow in Microsoft’s footsteps. There are plenty of organizations worldwide running older operating systems. Changing those systems is simply too expensive - even though no current patches for security holes exist. That’s a dangerous game that many organizations play.
The WannaCry attacks aren’t entirely isolated either. Analysts predict that more attacks will follow. WannaCry has been temporarily halted due to a flaw that the hackers who programmed it may or may not have known about.
This flaw, however, might simply be temporary. The files that were used by cybercriminals to infect thousands of computer systems with a ransomware worm have also been leaked to others. Updated systems that include preemptive security patches are an organization’s best line of defense.
Even though the damage has already been done, Microsoft is attempting to stop future hacks from happening - at least with some of the company’s older systems. No current regulation is in place that forces a software company to provide support for a system past that system’s expiry date. This is something that many believe needs to change.
For now, though, companies like Microsoft might be scrambling in the next few months to provide patches for older systems before hackers can find holes.